Friday 15 March 2024

Friday Fun Pentest Series - 3 - concretecmsv9.2.7

Description

- Open redirect

- Stored XSS

- Verbose error message (stack trace)

- Verbose error message (SQL error)


Verbose Error Message - Stack Trace

Steps to Reproduce:

1. Directly browse to the edit profile page
2. An error should come up with a verbose stack trace

Verbose Error Message - SQL Error

Steps to Reproduce:

Page Settings > Design > Save Changes

1. Intercept the HTTP POST request and place a single quote in "pTemplateID"
2. A verbose SQL error message would occur


Open Redirect

Steps to Reproduce:

1. Log in to the application
2. Click the "Edit This Page" button
3. Intercept the HTTP GET request
4. Enter the relevant domain as the value of the "redirect" parameter
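
A server-side check of the kind that closes the open redirect above, as an added example (it is not part of the original post and is not Concrete CMS code): the "redirect" value is accepted only when it is a site-relative path or an http(s) URL on an allowlisted host. The function name, `ALLOWED_HOSTS` and the sample host names are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: hosts this site may redirect to (constructed sample value).
ALLOWED_HOSTS = {"cms.example.test"}


def safe_redirect_target(value, default="/"):
    """Return `value` if it is a same-site redirect target, else `default`."""
    if not value:
        return default
    # Browsers drop tab/CR/LF inside URLs and treat "\" like "/", so
    # "/\host" or "/<TAB>/host" can leave the site. Reject, don't normalise.
    if any(ord(ch) <= 0x20 or ch in "\\\x7f" for ch in value):
        return default
    try:
        parts = urlsplit(value)
        host = parts.hostname  # lower-cased, userinfo and port removed
    except ValueError:  # e.g. malformed IPv6 literal
        return default
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative ("//host") URL: allowlisted http(s) only.
        if parts.scheme in ("http", "https") and host in ALLOWED_HOSTS:
            return value
        return default
    # Relative reference: require exactly one leading slash ("///host" is
    # parsed with an empty netloc but browsers still treat it as a host).
    if value.startswith("/") and not value.startswith("//"):
        return value
    return default


if __name__ == "__main__":
    # Constructed sample values for the "redirect" parameter.
    for sample in ["/dashboard/sitemap", "https://cms.example.test/login",
                   "https://other.example.test/", "//other.example.test/",
                   "/\\other.example.test", "javascript:alert(1)",
                   "https://cms.example.test@other.example.test/"]:
        print(f"{sample!r:50} -> {safe_redirect_target(sample)!r}")
```

Anything that fails the check falls back to `default`, so a rejected value still produces a normal redirect inside the site.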


Stored XSS

Steps to Reproduce:

1. Edit page
2. Add HTML widget and drag it to the page
3. Add XSS payload in the HTML editor window

    "><iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">


Conclusion

- Had lots of fun fuzzing the application

- Until next Friday!

- Cheers
